Russian hackers selling login credentials of UK politicians, diplomats – report
They're oldies but could still spill the goodies, say experts
Russian hackers are trading the email addresses and passwords of top UK politicians and diplomats.
The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still presents a potential problem.
An investigation by the paper found two massive lists of stolen credentials were put up for sale or traded on Russian-speaking hacking sites. The purloined cache included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials.
The purported details include key members of Parliament such as education secretary Justine Greening and business secretary Greg Clark.
This might sound bad, but security watchers reckon the trade largely covers old or otherwise depreciated credentials, minimising the potential for harm.
Noted password security expert Troy Hunt, the security researcher behind the haveibeenpwned site, shrugged at the trade in purloined credentials. "Business as usual on the internet," he told El Reg.
Pete Banham, cyber resilience expert at Mimecast, commented: "This latest password cache appears to be recycled from old breaches. It is however a prime example of how important it is for individuals, especially those in a position of political power right now, to take more responsibility for password strength and reuse between consumer and business services.
"Once credentials are compromised, cybercriminals can implement highly targeted spear-phishing and social engineering attacks, putting confidential data at risk of being stolen," he added.
Even though the data is old, meaning passwords have likely been changed and accounts closed, it holds clues that could allow hackers to profile targets and launch phishing attacks designed to snaffle more up-to-date login credentials.
Mark James, security specialist at ESET, said that a "small amount of data could be the next piece of the jigsaw in your online profile".
"Once that profile is large enough to be useful, it may be offered for sale on the web. This data could then be used to access other accounts if you reuse passwords, or if it's access to email accounts then they now have an excellent base to start a targeted phishing attack that would seem to come from someone you know or already do business with," he concluded.
Rashmi Knowles, EMEA field CTO at RSA, commented: "This story shows just how important it is that people change all their passwords in the wake of a breach. People often use the same password for multiple sites, even for accessing work-essential applications and services, and do not change them for years; this means that when these credentials are harvested, as we can see in this instance, it can have serious repercussions." ®